5Kas
how is CVE-2021-22044 risky
I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044
The description says:
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods.
Also on spring page https://spring.io/security/cve-2021-22044 they say:
Although a response is not returned for a request sent in this way, it does reach the corresponding server-side endpoint.
I dont understand how this is risky if the response is never returned? How could this CVE be exploitable?
